How much do you know about the “deep web”? Or, a better question may be, as a business, how much do you need to know about the deep web?
There’s a chance that, unless you’re an IT specialist, your perception of this universe is one or both of the following:
1. The deep web is a place of illegal internet activity
2. If you don’t bother with it, it won’t bother you
Both, according to Christopher Budd, a global threat communications manager with Trend Micro, are slight misconceptions.
First, he said, the deep web is a gray zone.
In simple terms, it’s any web content that is not or can’t be indexed by search engines like Google. This often comes down to websites that are registered on something other than the standard domain name system, or in other cases actively hidden or protected for reasons such as criminal activity.
To Budd, it’s as much a transnational tool as the internet, and it’s also one that is governed differently depending on the jurisdiction.
“Some of the activity that takes place on the deep web are being consciously done to circumvent the user’s local laws,” said Budd.
Yet while the deep web is obviously associated with entities such as the Silk Road and other crime hubs, its legality still largely depends on the action. In its 2015 report, “Below the Surface: Exploring the Deep Web,” Trend Micro notes that a large portion of deep web sites are personal or political blogs, news sites, discussion forums, religious sites and even radio stations.
“Just like sites found on the Surface Web, these niche Deep Web sites cater to individuals hoping to talk to like-minded people, albeit anonymously,” the report said.
More important, however, might be misconception no. 2.
“Yes, if you don’t go to the deep web, then some of the bad things on the deep web won’t immediately affect you,” said Budd.
However, the realm is not dormant. While it is well known that cyber attacks and malware, especially ransomware, have become sophisticated, it’s important to understand the role that the deep web plays in enabling them, he said.
“[The deep web] provides more infrastructure and way for tools and data to be exchanged for the bad guys,” said Budd.
He said that malware is moving and operating increasingly in the deep web to escape prosecution or shutdown.
One example of this, he said, is a category of ransomware known as “Cryptolocker,” which encrypts critical files on a victim’s computer and demands payment in exchange for decryption, and which saw a spike in popularity among cyber criminals in the first quarter of 2015. It not only uses the deep web for command and control, but now also directs users to the deep web to pay the ransom.
To combat this, he said, businesses should deploy good backup programs, policies and procedures.
What’s more, for IT professionals and service providers, network monitoring must include outgoing traffic that may be going to the deep web.
Despite a company’s security efforts, malware can be embedded on compromised ad servers and attack computers through legitimate websites with zero user interaction, a practice known as “drive-bys,” which undermines “two-thirds of best practices,” Budd said.
“Sometimes we see thousands of pieces of credit card information moving off a network, and we just wonder, how do you not notice that?” Budd said. “Monitoring outbound data traffic is something that people aren’t doing enough of. Understand that there is this deep web and that when you’re monitoring network traffic to look out for suspicious activity. Very few businesses have a legitimate reason to be going there.”